[Samba] LDAP Master/Slave

rruegner robert at ruegner.org
Wed Aug 18 22:11:09 GMT 2004


That's right.
Regards

Jason C. Waters wrote:
> I don't think this is a solution.  If I understand what you were saying, 
> on the BDC I should have this as the passwd backend:
> 
> passwd backend = ldapsam:"ldaps://ldap.server2 ldaps://ldap.server1"
> 
> server2 - the BDC and ldap slave which is read only
> server1 - is the PDC and has the ldap master which users can read/write, 
> so they could update their passwords.
> 
> If I have it set up this way, the users on the other side will never 
> be able to update their passwords, at least on that leg of the VPN.  Or 
> maybe I'm just thinking about this the wrong way.
> 
> Jason
> 
> rruegner wrote:
> 
>> Hi,
>> if you want your bdc to stay alive in cases
>> when the vpn breaks, then in your bdc smb.conf
>> your slave ldap should be the first entry in the passwd backend,
>> so if the vpn breaks, the slave ldap operates with its last
>> entries from the master and will give the win clients a chance
>> to operate just as if the pdc is alive.
>> If the vpn is up again, the ldap should refresh the slave automatically.
>> But note, a bdc is read only, so changes can only be made to the master 
>> ldap on the pdc. So no changes can be made to the domain during the 
>> blackout period.
>> If you want a fully functional bdc you should also set up user clients 
>> homes and profiles in your outside ( vpn ) office hosted on the bdc.
>> ( a separate dhcp server and a bind slave with long-time zone caching 
>> is very useful, too )
>>
>> Regards
>>
>> Jason C. Waters wrote:
>>
>>> Is anyone using this?  My smb.conf file has this line in server1(master)
>>>
>>> passwd backend = ldapsam:"ldaps://ldap.server1 ldaps://ldap.server2"
>>>
>>> and this is what server2(slave ldap, BDC) looks like:
>>>
>>> passwd backend = ldapsam:"ldaps://ldap.server1 ldap.server2"
>>>
>>> This is what happens.  When I take down server 1's ldap server, 
>>> server2 just starts using its local ldap server.  But if I take down 
>>> the VPN between the two and try the same test, pdbedit -L, it works 
>>> but it takes about 6 seconds for it to time out on server1.  Is this 
>>> normal or do I need to change some DNS setting?  Thanks for your help.
>>>
>>> Jason
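
An added example, not part of the original thread or of Samba: a small Python check for a BDC's passwd backend line that reports entries without a URI scheme or without ldaps, and whether the BDC's local replica is listed first as the reply above recommends. The function names and the local_ldap_host parameter are assumptions made for this illustration.

```python
import re

# Matches the value of a "passwd backend = ldapsam:..." line from smb.conf.
_BACKEND_RE = re.compile(r'^\s*passwd backend\s*=\s*ldapsam:\s*"?([^"]*)"?\s*$')

# The three backend lines quoted in the thread above.
BDC_SUGGESTED = 'passwd backend = ldapsam:"ldaps://ldap.server2 ldaps://ldap.server1"'
PDC_ORIGINAL = 'passwd backend = ldapsam:"ldaps://ldap.server1 ldaps://ldap.server2"'
BDC_ORIGINAL = 'passwd backend = ldapsam:"ldaps://ldap.server1 ldap.server2"'


def parse_ldapsam_uris(line):
    """Return the LDAP server entries of an ldapsam backend line, in order."""
    m = _BACKEND_RE.match(line)
    if not m:
        raise ValueError("not an ldapsam passwd backend line")
    return m.group(1).split()


def lint_backend(line, local_ldap_host):
    """Return a list of findings for a BDC's backend line.

    local_ldap_host (hypothetical parameter) is the host name of the
    LDAP replica that runs on the BDC itself.
    """
    findings = []
    hosts = []
    for entry in parse_ldapsam_uris(line):
        scheme, sep, rest = entry.partition("://")
        if not sep:
            findings.append(f"{entry}: no URI scheme")
            hosts.append(entry)
            continue
        if scheme != "ldaps":
            findings.append(f"{entry}: scheme is {scheme}, not ldaps")
        # Strip any path and port to get the bare host name.
        hosts.append(rest.split("/")[0].split(":")[0])
    if local_ldap_host not in hosts:
        findings.append(f"{local_ldap_host}: local replica is not listed")
    elif hosts[0] != local_ldap_host:
        findings.append(f"{local_ldap_host}: local replica is not first, "
                        "lookups try the remote server first")
    return findings


if __name__ == "__main__":
    for line in (BDC_SUGGESTED, PDC_ORIGINAL, BDC_ORIGINAL):
        print(line, "->", lint_backend(line, "ldap.server2") or "ok")
```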

